Skip to content

chore: FL-0000 bump google.golang.org/grpc from 1.71.1 to 1.79.3#9

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/google.golang.org/grpc-1.79.3
Open

chore: FL-0000 bump google.golang.org/grpc from 1.71.1 to 1.79.3#9
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/google.golang.org/grpc-1.79.3

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Mar 19, 2026
edited
Loading

Bumps google.golang.org/grpc from 1.71.1 to 1.79.3.

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.79.3

Security

  • server: fix an authorization bypass where malformed :path headers (missing the leading slash) could bypass path-based restricted "deny" rules in interceptors like grpc/authz. Any request with a non-canonical path is now immediately rejected with an Unimplemented error. (#8981)

Release 1.79.2

Bug Fixes

  • stats: Prevent redundant error logging in health/ORCA producers by skipping stats/tracing processing when no stats handler is configured. (grpc/grpc-go#8874)

Release 1.79.1

Bug Fixes

Release 1.79.0

API Changes

  • mem: Add experimental API SetDefaultBufferPool to change the default buffer pool. (#8806)
  • experimental/stats: Update MetricsRecorder to require embedding the new UnimplementedMetricsRecorder (a no-op struct) in all implementations for forward compatibility. (#8780)

Behavior Changes

  • balancer/weightedtarget: Remove handling of Addresses and only handle Endpoints in resolver updates. (#8841)

New Features

  • experimental/stats: Add support for asynchronous gauge metrics through the new AsyncMetricReporter and RegisterAsyncReporter APIs. (#8780)
  • pickfirst: Add support for weighted random shuffling of endpoints, as described in gRFC A113.
    • This is enabled by default, and can be turned off using the environment variable GRPC_EXPERIMENTAL_PF_WEIGHTED_SHUFFLING. (#8864)
  • xds: Implement :authority rewriting, as specified in gRFC A81. (#8779)
  • balancer/randomsubsetting: Implement the random_subsetting LB policy, as specified in gRFC A68. (#8650)

Bug Fixes

  • credentials/tls: Fix a bug where the port was not stripped from the authority override before validation. (#8726)
  • xds/priority: Fix a bug causing delayed failover to lower-priority clusters when a higher-priority cluster is stuck in CONNECTING state. (#8813)
  • health: Fix a bug where health checks failed for clients using legacy compression options (WithDecompressor or RPCDecompressor). (#8765)
  • transport: Fix an issue where the HTTP/2 server could skip header size checks when terminating a stream early. (#8769)
  • server: Propagate status detail headers, if available, when terminating a stream during request header processing. (#8754)

Performance Improvements

  • credentials/alts: Optimize read buffer alignment to reduce copies. (#8791)
  • mem: Optimize pooling and creation of buffer objects. (#8784)
  • transport: Reduce slice re-allocations by reserving slice capacity. (#8797)

... (truncated)

Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Mar 19, 2026
@dependabot dependabot Bot requested a review from caseyh as a code owner March 19, 2026 01:49
@dependabot dependabot Bot requested review from Copilot and removed request for Copilot March 19, 2026 01:49
@caseyh caseyh changed the title chore(deps): bump google.golang.org/grpc from 1.71.1 to 1.79.3 chore: FL-0000 bump google.golang.org/grpc from 1.71.1 to 1.79.3 Apr 28, 2026
@caseyh
Copy link
Copy Markdown
Member

caseyh commented Apr 28, 2026

@dependabot rebase

@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github Apr 28, 2026

Looks like this PR is already up-to-date with main! If you'd still like to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

@caseyh
Copy link
Copy Markdown
Member

caseyh commented Apr 28, 2026

@dependabot recreate

@dependabot
chore(deps): bump google.golang.org/grpc from 1.71.1 to 1.79.3
169284a 
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.71.1 to 1.79.3.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.71.1...v1.79.3)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-version: 1.79.3
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title chore: FL-0000 bump google.golang.org/grpc from 1.71.1 to 1.79.3 chore(deps): bump google.golang.org/grpc from 1.71.1 to 1.79.3 Apr 28, 2026
@dependabot dependabot Bot force-pushed the dependabot/go_modules/google.golang.org/grpc-1.79.3 branch from 1e23b7b to 169284a Compare April 28, 2026 20:47
@caseyh caseyh changed the title chore(deps): bump google.golang.org/grpc from 1.71.1 to 1.79.3 chore: FL-0000 bump google.golang.org/grpc from 1.71.1 to 1.79.3 Apr 28, 2026
@caseyh caseyh marked this pull request as draft April 28, 2026 20:53
@caseyh caseyh marked this pull request as ready for review April 28, 2026 20:53
Copilot AI review requested due to automatic review settings April 28, 2026 20:53
Copilot AI reviewed Apr 28, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates the module’s Go dependencies to pick up google.golang.org/grpc v1.79.3 (from v1.71.1) and the resulting transitive upgrades across the dependency graph (notably google.golang.org/protobuf, golang.org/x/*, and OpenTelemetry modules). This aligns the repo with upstream fixes and improvements in gRPC and related libraries used indirectly via Google Cloud clients.

Changes:

  • Bump google.golang.org/grpc to v1.79.3 (indirect).
  • Refresh multiple transitive dependencies (e.g., OpenTelemetry, golang.org/x/*, genproto).
  • Update go.sum to reflect the new resolved module set and checksums.

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated no comments.

File Description
go.mod Updates google.golang.org/grpc and various indirect dependency versions after the bump.
go.sum Updates checksums and resolved pseudo-versions for the refreshed dependency graph.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@caseyh caseyh Awaiting requested review from caseyh caseyh is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@caseyh